In a posting on the Microsoft Security Blog, Tim Rains, a director of Microsoft's Trustworthy Computing Group, has written of the huge number of Java exploits being found in the wild. In the second half of 2010 and first half of 2011, between a half and a third of all exploits observed by Microsoft's Malicious Software Removal Tool attacked vulnerabilities in Java – in the Runtime Environment, the Virtual Machine or the Java SE in the Java Development Kit. Rains based his comments on the latest Microsoft Security Intelligence Report.

__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump

The problem is that as soon as you install Java, is also installs a browser plugin which is turned on by default.
Remember, client-side Java on the web is as dead as a dead Dodo, and everyone who installs Java uses it just for desktop apps.

__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.

I just had a Software Engineer position interview (which turned out to be a ASP.Net position, which I found out after I said I hated ASP) anyway the Lead Architect went on for a bit about how everyone was "moving toward Java"...I was real confused by that but apparently that how he saw it.

__________________
"The basic tool for the manipulation of reality is the manipulation of words. If you can control the meaning of words, you can control the people who must use the words." -Philip K. Dick

The problem is that as soon as you install Java, is also installs a browser plugin which is turned on by default.
Remember, client-side Java on the web is as dead as a dead Dodo, and everyone who installs Java uses it just for desktop apps.

Unfortunately, not true. Many webinar frameworks use client-side Java applets via the browser. Many student information systems (like the one we are saddled with) use client-side Java applets via the browser. We use a web-based version of the NX Client from No Machine ... that's client-side Java via the web browser. And there are probably more, but those are the things I've used today.